Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Codeigniter + Api Key
Codeigniter + Api Key
  • El Forum
    Guest
  •  
#1
10-30-2012, 11:39 AM

[eluser]ladooboy[/eluser]
Hello,

I am planning in doing an accounting web application using Codeigniter. One feature I would want is that customers can use their smartphone(with bar code scanner app) to scan and automatically send the bar code/product code to my application.

They would use a URL like this i.e.:
www.mywebsite.com/api/products/add_product/?api_key=232323dsdsdsdsddsdsdsds&bar_code=23ddsdd33d3dd3

There would be an API controller handling these request.

I've read that oauth is the right way of handling authorization on an api basis (Client id and client secret etc.)

My question is that not an overkill, doing this for every request ?

Is there not an more efficient/quicker way of doing this ?


  • El Forum
    Guest
  •  
#2
10-30-2012, 12:01 PM

[eluser]PhilTem[/eluser]
You should create an API_Controller which every controller for api requests extends. Within the API_Controller you would check for the api_key to be a valid one.

To quickly sketch what I mean here's some code
Code:
class API_Controller extends CI_Controller {}
// Location: ./application/core/API_Controller.php
and
Code:
class Products extends API_Controller {}
// Location: ./application/controllers/api/products.php

Or you have a look at @philsturgeon's [urlhttps://github.com/philsturgeon/codeigniter-restserver]REST-Server[/url], REST-Client and this Net.Tuts+ tutorial.

Might reduce your working hours tremendously Wink
  • El Forum
    Guest
  •  
#3
10-31-2012, 12:39 PM

[eluser]ladooboy[/eluser]
@PhilTem

Thanks that's exactly what I was going to do.

If I use oauth handling the authorization for EVERY API request (updating product qty, adding an order) wouldn't that be an overkill or is that the right way to do for any requests ?
  • El Forum
    Guest
  •  
#4
10-31-2012, 12:47 PM

[eluser]PhilTem[/eluser]
I'm not that much into API/RESTful service but I guess you can use sessions for that case as well. So you would not need to do the validation on every request. Just on those when you don't find an appropriate session key (something like is_validated or api_access_allowed). Guess this stuff basically works just like a user authentication mechanism Wink
  • El Forum
    Guest
  •  
#5
10-31-2012, 02:20 PM

[eluser]ladooboy[/eluser]
Interesting. I think I will go ahead with that and see if I can work something out with sessions.

Thanks for the help!




Theme © iAndrew 2016 - Forum software by © MyBB